author Chenbo Feng <fengc@google.com> 2019-03-26 14:36:34 -0700
committer Chenbo Feng <fengc@google.com> 2019-03-27 02:45:37 +0000
commitdd77fcee7c109a8ffa8a6eee2e18cec8de9dc4a6 (patch)
tree6d546f2d79d858f525bc3773442e6af3d8cd2cae
parent88fb51277bf540f84408df6392db7ea8393c204d (diff)
Get the permission information for native services
For native services such as mediaserver and audioserver, the permission information cannot be retrieved from getInstalledPackages. Instead, the high level permission information is available in systemConfigs. With that permission information, netd can store the complete list of uids that have UPDATE_DEVICE_STATS permission. Bug: 128944261 Test: dumpsys netd trafficcontroller Change-Id: I0331d5a3a5b927a351fcfe6689ef1ba2b993db0c
-rw-r--r--services/core/java/com/android/server/connectivity/PermissionMonitor.java20
1 files changed, 20 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
index 30771eb7df92..0c559346bc42 100644
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
@@ -43,12 +43,15 @@ import android.os.INetworkManagementService;
import android.os.RemoteException;
import android.os.UserHandle;
import android.os.UserManager;
+import android.util.ArraySet;
import android.util.Log;
+import android.util.SparseArray;
import android.util.SparseIntArray;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
import com.android.server.LocalServices;
+import com.android.server.SystemConfig;
import java.util.ArrayList;
import java.util.HashMap;
@@ -170,6 +173,23 @@ public class PermissionMonitor {
}
}
+ final SparseArray<ArraySet<String>> systemPermission =
+ SystemConfig.getInstance().getSystemPermissions();
+ for (int i = 0; i < systemPermission.size(); i++) {
+ ArraySet<String> perms = systemPermission.valueAt(i);
+ int uid = systemPermission.keyAt(i);
+ int netdPermission = 0;
+ // Get the uids of native services that have UPDATE_DEVICE_STATS permission.
+ if (perms != null) {
+ netdPermission |= perms.contains(UPDATE_DEVICE_STATS)
+ ? INetd.PERMISSION_UPDATE_DEVICE_STATS : 0;
+ }
+ // For internet permission, the native services have their own selinux domains and
+ // sepolicy will control the socket creation during run time. netd cannot block the
+ // socket creation based on the permission information here.
+ netdPermission |= INetd.PERMISSION_INTERNET;
+ netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission);
+ }
log("Users: " + mUsers.size() + ", Apps: " + mApps.size());
update(mUsers, mApps, true);
sendPackagePermissionsToNetd(netdPermsUids);
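Review bot: The loop ORs `INetd.PERMISSION_INTERNET` into every uid returned by `SystemConfig.getInstance().getSystemPermissions()`, whether or not that uid's permission set lists the internet permission, so the state sent to netd is wider than what the system config declares. The comment justifies this by SELinux confining native services, but nothing in the hunk checks that each uid in the map is such a service; if the map can hold other uids, it would be safer to set the bit only when `perms` contains the internet permission, mirroring the `perms.contains(UPDATE_DEVICE_STATS)` test above it. At minimum the comment should state the assumption explicitly, e.g. `// Assumes every uid in systemPermission is a native service confined by its own SELinux domain.` The enclosing method starts and ends outside the hunk, so how `netdPermsUids` is populated before this loop is not visible here.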